ABSTRACT


Missing in DHS’ current gap and vulnerability analysis approach to Red Teaming 
is the employment of broader decision support Red Teaming—which would 
provide a strategic assessment tool, assisting the organization in overcoming 
group thinking and a lack of organizational creativity, while avoiding mirror 
imaging. DHS, by broadening its use of Red Teaming, will improve its
decision-making processes across all levels of homeland security. This research uses a
selected case study—identifying and challenging assumptions inherent within 
TSA’s security system, analyzing the problem using an alternative model, and 
looking at the problem from different perspectives. Combined with evidence and 
analysis from historical examples, this effort is designed to determine whether 
decision makers can benefit from Red Teams and Red Team fundamental 
concepts, and whether these concepts will be effective in assisting DHS and its 
partners in making better decisions. 

America’s Homeland Security System is hampered by bureaucratic 
challenges. The U.S. government must dramatically re-orient itself. America 
needs to redefine its homeland security approach into a flexible adaptive system. 
Understanding the U.S. layers of security, and how they interact to defeat the 
terrorist threat, is as critical as understanding “Red”—what our enemies are 
doing. Trained Red Teams apply creative thinking and Red Team fundamentals,
challenge the organization’s assumptions, provide alternative analysis to the 
organization’s plans, and provide the decision maker with alternative 
perspectives on the current operating environment. Education on the Red Team 
Fundamentals should be implemented as mandatory for all homeland security 
leaders. DHS should: implement decision support Red Teams as part of its force 
structure; implement joint enterprise Red Teams between its own agencies and 
facilitate joint enterprise Red Teams between DHS and other security agencies, 
entities and partners; and implement Red Team integration into the Homeland 
Security technology approval process.

I. INTRODUCTION


We know there are some things 
We do not know. 

—Secretary of Defense Don Rumsfeld - April 2003 

Adversaries currently facing the United States are tougher targets for our
intelligence communities than was the Soviet Union.1 Among the many threats
facing homeland security is the asymmetric threat of terrorism. This terrorism
threat can originate from abroad or be homegrown.2 One reason this new
asymmetric threat is very difficult for us to deal with as a nation is that
today’s terrorists appear to possess thought processes that are very different
from our own. We are not organized or equipped to handle most terrorist
threats.3 This terrorist threat is asymmetric in nature and may originate from a
subnational or multinational entity. As a result, the U.S. faces a significant
challenge in trying to anticipate how the enemy will act against us.4

The Problem Statement: The Red Teaming approach used by the 
Department of Homeland Security is primarily the gap and vulnerability analysis 
approach. Physically oriented Red Teams using this approach focus on the 
ability to defeat security systems in the critical infrastructure arena.5 Missing in
DHS’ approach to Red Teaming is the employment of broader decision support
to Red Teaming. Broader support would provide strategic assessment while
assisting the organization in overcoming group thinking and a lack of
organizational creativity or imagination, while avoiding mirror imaging. Within the
Department of Homeland Security, as well as the homeland security community,
a void exists in the area of decision support Red Teaming capabilities. This
capability is designed to assist leaders in thinking Red when making critical
decisions.6 By broadening its use of Red Teaming from gaps and
vulnerability analysis to include strategic decision support Red Teaming, DHS will
grow its Red Team capability and improve decision-making processes across the
tactical, operational, and strategic levels of homeland security.

1 Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics;
Defense Science Board Task Force, The Role and Status of DoD Red Teaming Activities
(Washington D.C., September 2003), 1.

2 The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks
Upon the United States (New York: W.W. Norton & Company, 2004), 379.

3 Robert David Steele, “TAKEDOWN: The Asymmetric Threat to the Nation,” Joint Forces
Quarterly (Winter 1998-99).

4 The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks
Upon the United States, 105.

5 Richard Alt (Red Team Leader, DHS). Telephone interview, November 17, 2009.

Examples: As dawn breaks, a Joint Task Force is steaming towards the 
Middle East. Recently a rogue Middle Eastern country has been thumbing its
nose at UN demands to halt its nuclear enrichment program. The nation has
become more and more belligerent, threatening U.S. interests and allies in the
region. In response, the U.S. has sent a Joint Task Force, including a carrier
group with amphibious capabilities, in order to intimidate the rogue commander
into complying through some arm-bending diplomacy. If not, then the U.S. will have
increased its military response options by locating the task force close to the
rogue nation. While most nations insist that the international water boundary is
12 miles, the U.S. has maintained that it controls the blue ocean waters and, to
ensure international navigability, that the international water boundary is only three
miles from the rogue nation's shores.

On day two, the naval flotilla has moved within striking distance of the 
rogue nation, ignoring the twelve-mile international water boundary. In response, 
the rogue commander sent out small PT-style boats as pickets to pick up and locate
the American flotilla, and make darting, harassing runs at the warships.
Suddenly, at midnight of the second day, the rogue commander fires upon the
Americans. Although not unexpected, the volume of the attack is surprising and
quickly overwhelms the task force’s defenses. As the sun rises on the third day,
the Joint Task Force Commander examines the damage, to find over half of his
warships have been sunk or scuttled with thousands of military personnel either
killed or missing.7

6 The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks
Upon the United States, 364.

How could this happen? How could the greatest military, with all of its
superior information-gathering capabilities, misjudge or be surprised by a
third-rate military power? Could this be fiction? Not quite. That is precisely what
happened during Operation Millennium Challenge. Based upon the notional
situation of a rogue nation in the Middle East, the U.S. staged a
computer-enhanced exercise involving actual military forces in the field simulating some of
the activities, pitting all our information-gathering capabilities and joint operating
capabilities against a Red Team, who played the role of the enemy. The only
problem is the enemy did not act the way he was supposed to act. Headed by a
Vietnam-era, retired Marine Corps General Officer, LTG(R) Paul Van Riper, the
Red Team had its forces communicate by messenger or face-to-face. No phones
allowed! This took away the Americans’ electronic eavesdropping capability. In
response to expected U.S. sorties sent to knock out his long-range rocket
capabilities, Van Riper ordered all his long-range missile assets utilized in a
sneak attack, before the U.S. began flight operations. Afterwards, the Pentagon
claimed this would never have happened. Van Riper countered that only a fool
would attempt to go head to head with the U.S. militarily after Desert Storm and
the invasion of Iraq, which showed the world that the U.S. strike capabilities
exceeded anyone’s imagination.8 The military focused on the goal of obtaining
superior intelligence while communicating large amounts of data—nearly
instantaneously—in order to eliminate the fog of war and enable a smaller force,
with speed and technology, to achieve decisive results. This similar approach,
favoring the use of America’s technological advantages, has been adopted in
homeland security. Through the increased use of technology, we can close the
gap in our vulnerabilities. Reliance upon technology and information to solve a
problem is a typical American solution. Yet, despite our technological and
information superiority, the enemy continually surprises us.

7 Malcolm Gladwell, Blink: The Power of Thinking Without Thinking (New York: Little, Brown and
Co., 2007).

8 D. Longbine, “Red Teaming: Past and Present” (Monograph, School of Advanced Military
Studies, Fort Leavenworth, Kansas, 2008), 46.

A. UNDERESTIMATING THE ENEMY 

During Operation Iraqi Freedom, LTG Wallace, the V Corps Commander,
told reporters, “The enemy we are fighting is a bit different than the one we
war-gamed against.”9 LTG Wallace’s comment demonstrates that despite the
deliberate planning effort before the U.S.-led invasion of Iraq, and the
magnificent performance of the coordinated allied and U.S. military effort that
resulted in the complete dismantling of the Iraqi regime’s military between March 20
and May 1, 2003, the effort failed to defeat the true enemy. The nature of the
Iraqi regime collapse gave rise to the insurgency that the U.S. and allies
continued to fight for almost five years after major combat operations ceased.10
After defeating the Iraqi military, U.S. military planners had assumed that some of
the government and military structure would still be in place to assist with the
post-conflict stabilization operations. This assumption proved to be wrong, and
went unchallenged during the planning process.

In 2001, despite our efforts at deliberate planning for the security of the 
United States, the terrorists surprised our homeland security apparatus by using 
planes as weapons of mass destruction. Although our intelligence services 
envisioned this possibility, we failed to act upon this potential threat. Then again,
the terrorists surprised us on December 25, 2009, on Flight 253: Al Qaeda used a
known but unexpected technique to bypass security defenses by sewing
explosives into their operative’s underwear and attempting to create a chemical
explosive reaction by injecting another chemical into the explosive. The resulting
explosion was intended to destroy the airplane, killing its passengers, crew, and
potentially many more on the ground at the Detroit airport.

9 Michael Gordon and Bernard Trainor, Cobra II: The Inside Story of the Invasion and
Occupation of Iraq (New York: Pantheon Books, Random House Inc. 2006), 311.

10 Stephen T. Hosmer, “Why the Iraqi Resistance to the Coalition Invasion Was So Weak,”
(Monograph, Rand: Air Force Project, 2007), 2.

B. THE PROBLEM WITH SURPRISE 

Surprise is a symptom of the systemic problem within the decision-making
process and intelligence assessment involved in homeland security, resulting
from failure of imagination or lack of imagination, reflected in the miscalculation
created from projections of one’s own values onto the enemy’s actions and
intentions.11 Our inability to recognize the weaknesses within our plans and security
systems, and our underestimation of the intentions and capabilities of our enemies,
stem from this lack of imagination.12 This lack of imagination has basic penalties
for both individuals and institutions. The basic penalties for lack of imagination
are the failure to recognize danger—with a corresponding increase of
vulnerability to strategic surprise, and a narrowing of “the menu of policy
options.”13 In Chapter 11 of the 9/11 Commission Report, “Foresight—and
Hindsight,” the Commission considered “the 9/11 attacks revealed four kinds of
failures on behalf of the U.S. Government. Failures: in imagination, policy,
capabilities and management.”14 Of these four types, they considered
imagination failure to be the most grave. The Commission attributed the failure to
understand the danger America faced to the inability to perceive the dangers of
Islamic terror, to identify al-Qaida as the enemy, and to anticipate that America’s
enemies could use commercial passenger airplanes as weapons of mass
destruction. Although posed as an open question, the Commission concluded
that: “...the possibility [of a suicide aircraft hijacking] was imaginable, and
imagined.”15 The consequences of this failure: “Nearly three thousand people
died in the terrorist attacks of September 11, 2001. In Lower Manhattan, on a
field in Pennsylvania, and 103 along the banks of the Potomac, Americans died
as a result of this imagination failure. It is wrong to think of imagination only as
a child’s pastime. If a government’s ability to recognize a “first-order threat” and
to choose an appropriate defensive response depends even partially on
imagination, then being able to exploit the lessons of historical experience and to
make creative use of this gift is really a matter of strategic importance. This
necessary government skill is even more important if the adversary seeks to
inflict (and is prepared to accept) great losses in order to achieve its ends.17

11 James Wirtz, “Miscalculation, Surprise and American Intelligence After the Cold War,”
International Journal of Intelligence and Counterintelligence 5, no. 1, 1991, 5.

12 Ibid., 5.

13 J. Fishman, “The Need for Imagination in International Affairs,” Israel Journal of Foreign
Affairs III (2009), 3.

14 The 9/11 Commission Report: Final Report of the National Commission on Terrorist
Attacks Upon the United States, 356.

C. FAILURE OF IMAGINATION 

Five years after the 9/11 Commission finalized its report and submitted
recommendations, the criticism in the commission’s findings still echoes: “We
believe the 9/11 attacks revealed four kinds of failures: 1) in imagination, 2)
policies, 3) capabilities, and 4) management.”18 The commission concluded that
the intelligence community had failed to analyze how an aircraft, hijacked or
explosion-laden, could be used as a weapon. They failed to do the kind of
analysis desperately needed from the enemy’s perspective (“Red Team”
analysis), despite the fact that suicide terrorism had become a principal tactic of
Middle Eastern terrorists.19 “Imagination is not a gift usually associated with
bureaucracies,”20 so how does DHS ensure that there are no repeat failures in
imagination?


15 The 9/11 Commission Report: Final Report of the National Commission on Terrorist
Attacks Upon the United States, 352.

16 Ibid., 109.

17 Ibid., 106.

18 Ibid., 107.

19 Ibid., 347.

20 Ibid., 346.

D. SECURITY CHALLENGES

Predicting and anticipating what the enemy will do is an extremely difficult 
task. The security environment facing the U.S. homeland is dynamic and 
adaptive. Unlike the days of the Cold War, where foreign nation states would 
exhibit warnings and indications that their military machine was revving up to flex 
its muscle, our modern-day enemy is a terrorist. The indications that a terrorist is 
getting ready to act are subtle, and their members are hidden among the general 
population.21 Our security response capability has to continually adapt to match 
this changing operating environment. Because of its investigation results, the 9/11
Commission Report challenged DHS and the intelligence community to adapt
and incorporate Red Teaming.22 Within the Department of Homeland Security,
several agencies have acted upon the 9/11 Commission’s recommendations and
are implementing Red Teaming. However, no one seems to know exactly how
many Red Teams exist, what type of training they have been exposed to, and
how exactly they are being utilized.23 The current Department of Homeland
Security Red Team is housed within the Department of Homeland Security
Homeland Infrastructure Threat and Risk Analysis Center (HITRAC), and is
referred to as the Critical Infrastructure Red Team (CIRT).24 The CIRT is
designed to help educate and enhance DHS and National Infrastructure
Protection Plan (NIPP) partners’ understanding of the threats to Critical
Infrastructure and Key Resources by introducing them to a synthesis of
operational planning and terrorist-intelligence capabilities through a process of
target selection. These capabilities include: 1) analyzing terrorist targeting
choices, 2) providing terrorist planning perspectives, 3) developing simulated
terrorist attack plans, 4) designing and executing tailored tabletop simulations,
and 5) translating insights obtained from specific operations and exercises into useful
lessons learned.25

21 R. Poole, “Toward Risk-Based Aviation Security Policy,” Discussion Paper No. 2008-23
(Joint Transport Research Centre, November 2008), 11.

22 The 9/11 Commission Report: Final Report of the National Commission on Terrorist
Attacks Upon the United States, 347.

23 Federal, state, and local government representatives (Second DHS Red Team
Conference) personal interviews, February 2009.

24 Alt, Critical Infrastructure Red Team, Brochure, undated.

Department of Homeland Security’s Critical Infrastructure Red Team
attempts to replicate the terrorist perspective on the security vulnerabilities of a
critical infrastructure by identifying a terrorist target selection based on a terrorist
threat perspective that is chosen from a specific threat group or a Universal-Adversary
Program profile, or is uniquely constructed from emerging intelligence data. CIRT
develops an understanding of the selected adversary’s selection criteria in order
to replicate its method of target selection. The team utilizes such aspects as a 
terrorist group’s ideology to understand target desirability, its goals to determine 
desired results of the attack, and its resources and capabilities to determine the 
attack method, scale, and timeline.26 

The CIRT provides this outreach program to assist any federal, state,
tribal, or local activity, or any critical infrastructure/key resource owner or 
operator, and tailors the product to the particular need of its security partner. The 
team operates from the adversary’s vantage point and information constraints, 
without taking advantage of internal DHS intelligence and security insight. Their 
assessments are based on operationally validated findings through both
open-source and on-site reconnaissance (when approved), rather than solely on
engineering-based assumptions. CIRT develops its terrorist attack plans in
sufficient detail to translate the plans into briefings that can help owners and 
operators better understand terrorist planning factors and how a terrorist might 
view individual targets’ security, exploiting vulnerabilities it finds.27 

The CIRT’s Red Teaming effort is focused almost entirely on physical Red
Teaming, or defeating security processes and procedures to demonstrate
vulnerabilities in plans, processes, and systems designed to protect critical
infrastructure. Currently, CIRT operates primarily as threat emulators,
incorporating an attacker-defender model to assess vulnerability of our critical
infrastructures. The attacker-defender model assesses vulnerability by first
assuming that our critical infrastructure will be attacked.28 The focus of the CIRT
program is limited to a specific narrow threat related to specific targets. The DHS
Red Team does this very well and performs a valuable service when assessing
the vulnerability of a particular critical infrastructure.

25 Alt, Critical Infrastructure.

26 Personal Interviews, DHS Red Teaming Conference, February 2009.

27 Alt, Critical Infrastructure.

This physical and active Red Teaming performed by the CIRT is an
essential capability within DHS. However, the broader utilization of Red Teams at
the strategic level, and greater understanding and incorporation of Red Team
fundamentals by homeland security leaders, is often missing. Adoption of Red
Teaming at the strategic level within DHS will enable it and its partners to
become a learning organization. What is missing is Decision Support Red
Teaming, or analytical Red Teaming at the strategic level, designed to assist
leaders in thinking Red (understanding the enemy’s perspective) when making
critical decisions. Recently, the Homeland Security Advisory Council to the
incoming Secretary of Homeland Security highlighted this deficiency. A 
mechanism must be developed to enhance leaders’ abilities to think like our 
adversaries, or to look at problems through different lenses and challenge 
institutional assumptions.29 Expanding the use of Red Teams beyond the active 
and tactical focus, and the incorporation of fundamental Red Team concepts by 
DHS leaders, will help to routinize imagination within Homeland Security. 

Despite America’s technological advantage, we continue to be surprised
by the enemy. The enemy surprised America on 9/11; the enemy surprised
America’s security forces during operational exercises, in the case of GEN Van
Riper’s actions and comments during Millennium Challenge. Finally, the
American military forces were also surprised during combat operations in
Operation Iraqi Freedom, per the comments of LTG Wallace that the enemy was
not the enemy we planned for.30 In order to attempt to provide an institutional
antidote for surprise, DHS has implemented tactical, security-focused Red
Teams through the CIRT. Unfortunately, these teams afford DHS only a small
section of the overall benefits that could be enjoyed by creating and
implementing a broader application of the Red Team concept and Red Teaming
fundamentals.

28 Gerald Brown et al., “Defending Critical Infrastructure,” Interfaces 36, no. 6 (2006): 530-544.

29 Homeland Security Advisory Council, “Top Ten Challenges facing the Next Secretary of
Homeland Security” (Washington, D.C., Government Printing Office, September 11, 2008), 12.


30 Bob Kerr, Comment on “Meet the Press: New Combined Arms Center commander
discusses Iraq, training, leaders, lessons-learned.” Posted August 28, 2003, TRADOC News
Service.

II. RED TEAM FOUNDATIONS


To every complex question, there is a simple answer 
and it is wrong... 


—H.L. Mencken 


A. UNDERSTANDING RED TEAMING 

The literature on Red Teaming specifically related to homeland security or 
defense is relatively limited and undeveloped. The literature that does exist, for 
purposes of this research, will be divided into three general categories. The first 
involves Red Teaming within the Department of Defense (DoD). The second sub 
area of literature related to Red Teaming explores its development through 
history. The third sub area of literature involves the issue of Red Teaming as it 
relates specifically to the way it is executed. The most notable reference to Red 
Teaming within homeland security literature is the 9-11 Commission Report, 
which identifies Red Teaming as a critical element lacking within our homeland 
security and intelligence structure.31

B. DEFINING THE TERM RED TEAM 

One area of significant divergence within the literature about Red Teaming 
is the term itself. “Red Teaming” resists being easily defined, because it is 
applied in so many different forms to so many different types of problems.32 
Reviewing literature beyond homeland security, the term Red Team describes an 
array of activities. However, throughout the attempts to define the scope of 
activities that comprise Red Teaming and attempts to identify the varying types of 
Red Teaming, there appears to be agreement that the overall goal of Red
Teaming is to challenge one’s own assumptions in order to better understand the
adversary’s perspective and to identify one’s own vulnerabilities.33 Red Teaming
typically is used as a peer review process of a concept or proposed course of
action.34 Red Teams can be utilized to look for unexpected scenarios or identify
unexpected consequences to a particular approach. It can open a new way of
thinking about the security environment, by anticipating and simulating the
decision making and behaviors of potential adversaries.35 America’s adversaries
will continue to adapt to our security concepts in new and unexpected ways, by
emphasizing their own strengths.36 Red Teaming is beneficial to the security of
the United States because it allows us to examine how our enemies view us, so
that we can better understand how they evaluate our strengths and
weaknesses.37

31 The 9/11 Commission Report: Final Report of the National Commission on Terrorist
Attacks Upon the United States, 352.

32 Mike McGannon, “Developing Red Team Tactics, Techniques and Procedures,” Red
Team Journal (April 2004).


33 Anna Culpepper, Effectiveness of Using Red Teams to Identify Maritime Security
Vulnerabilities to Terrorist Attack, Naval Postgraduate School Master’s thesis, September 2004, 9.

34 Timothy Malone and Reagan Schaupp, “The Red Team: Forging a Well-Conceived
Contingency Plan,” Aerospace Power Journal XVI, no. 2 (Summer 2002), 23.

35 John F. Sandoz, “Red Teaming: A Means to Military Transformation,” Institute for Defense 
Analyses Paper P-3580, Log H 00_002905 (January 2001), 1. 

36 Ibid., 2. 

37 McGannon, “Developing Red Team Tactics, Techniques and Procedures,” The Vanguard
(Spring 2005), 4.

A function that provides commanders an independent capability to fully
explore alternatives in plans, operations, concepts, organizations, and
capabilities in the context of the operational environment and from the
perspectives of partners, adversaries, and others.

• Alternative perspectives from a trained, educated, and functional team
• Anthropological tool kit for cultural considerations of adversaries and coalition partners
• Communication, negotiation, & RT TTP capability for internal critical analysis or review without being a disruptive force
• Theoretical analysis of complex situations
• How the enemy and other stakeholders think

• Group Think
• Mirror Imaging
• Cultural Missteps
• Tunnel Vision
• Failing to account for the complexity of the OE
• Gravitational pull of our own organizations & culture

Figure 1. UFMCS Definition of Red Teaming


Figure 1 represents the University of Foreign Military and Cultural Studies
(UFMCS) definition of Red Teaming, which emphasizes the use of the Red Team
to create an independent capability for the head of the agency to conduct
independent and alternative analysis.38 A trained Red Team can be a
value-adding mechanism to the decision maker’s analytical process.39 It assists the
decision maker by providing insight to threat perspectives, while also challenging
the assumptions and perspectives of the organization.40 Done successfully,
decision support Red Teaming can assist the decision maker by ensuring he or
she gets a broader view of the problem, operating environment and
understanding of vulnerabilities inherent within the analytical process of the
decision, due to organizational bias, perspective, and interpretation of the issue
to be decided.41

38 Red Team Handbook, version 4, 10.

39 Ibid., 11.

40 Ibid.

Within the Department of the Army, Red Teams accomplish a number of 
tasks, including identifying how the enemy and other stakeholders think and 
helping to identify cultural issues involving the enemy and U.S. partners.42 
Although similar within the other services, Red Teams are viewed and employed
differently. The Air Force’s definition of the Red Teaming process is more
practical, in that Red Teaming is defined as an iterative, interactive process
conducted during crisis action planning to assess planning decisions,
assumptions, courses of action, processes, and products from the perspective of
friendly, enemy, and outside organizations.43

DHS and its agencies and partners have implemented the Red Teaming 
concept in various ways. The DHS Exercise and Evaluation program defines a 
Red Team as a group of subject matter experts with various appropriate 
disciplinary backgrounds that provides an independent peer review of plans and 
processes, acts as a devil’s advocate, and knowledgeably role-plays the enemy
using a controlled, realistic, interactive process during operations planning,
training, and exercising.44 For purposes of this study, I have adopted the
definition used by Dr. Kirkpatrick and her team, which is broadly inclusive of Red
Teaming activities that serve as surrogate adversaries or competitors of the
enterprise—devil’s advocates, independent sources of judgment of the
enterprise’s normal process.45 This definition encompasses most of the
approaches to Red Teaming currently used within the U.S. intelligence
community, defense, and homeland security.46

41 Meehan, “Red Teaming for Law Enforcement,” The Police Chief Magazine 74, no. 2
(Alexandria, Virginia, February 2007), 1.

42 Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics;
Defense Science Board Task Force, The Role and Status of DoD Red Teaming Activities,
(Washington D.C., September 2003), 3.

43 Red Team Handbook, version 4, 24.

44 Meehan, “Red Teaming for Law Enforcement,” 2.

Examining the many definitions and their origins helps to gain insight into 
the fundamentals of Red Teaming. At its essence, Red Teaming is about the
culture of an organization.47 An effective use of Red Teaming or Red Team
fundamentals involves more than establishing a Red Team—it involves a
process by which the Red Team concepts are received, understood and 
considered throughout an organization.48 

C. RED TEAM’S ROLE 

There are also significant differences of opinion within the literature 
regarding the approach Red Teaming should take. One set of authors argues 
that Red Teaming should be unstructured and operate at the planning, cognitive 
level, providing contrary and independent opinions while working outside the 
organization’s decision-making process.49 Others view Red Teamer’s true role 
as serving as actual surrogate adversaries or competitors of the enterprise.Still 
others within the Department of Army literature view the Red Teaming process 
as one of critical thought, aiding decision makers through a structured iterative 
process.51 Within the homeland security literature, the approach to Red Teaming 
is viewed as a set of individuals who are experts—“bad actors” who innately 
understand how to undermine systems and specific types of targets to be 

45 Shelley Kirkpatrick, Shelly Asher, and Catherine Bott, “Staying One Step Ahead: 

Advancing Red Teaming Methodologies through Innovation” (Arlington, VA: Homeland Security 
Institute, 2005), 2. (FOUO). 

46 Ibid., 3. 

47 The Role and Status of DoD Red Teaming Activities, 1. 

48 Ibid., 3. 

49 Gregory Fontenot, “Seeing Red: Creating a Red-Team Capability for the Blue Force,” 
Military Review 85, no. 5 (September 2005). 

50 Richard Craft, “A Concept for the Use of Red Teams in Homeland Defense,” Sandia 
National Laboratories (September 26, 2002). 

51 Malone and Schaupp, “The Red Team, Forging a Well-Conceived Contingency Plan,” 23. 

attacked.52 Red Teaming can be an interactive process conducted during crisis 
action planning to assess planning decisions, assumptions, processes and 
products from the perspective of friendly partners, the enemy and others.53 An 
effective Red Team can serve the enterprise as an independent resource for the 
decision maker by providing an independent review of the agency’s products and 
reasoning. Even the most talented group of planners and critical thinkers cannot 
identify their own oversights, and sometimes are unable to see the overall big 
picture.54 

At the strategic level, an effective Red Team can assist by pinpointing key 
decision points for the leader, identifying planning shortfalls, and highlighting 
differences between plans and doctrine, while also helping to identify unintended 
consequences and second- and third-order effects.55 Red Teaming can assist the 
decision maker and planners by contributing to a greater understanding of the 
overall security environment, and how adversaries might oppose and attempt to 
defeat U.S. security efforts.56 Red Teaming in general offers a hedge against 
surprise and challenges complacency, as well as exposing how well an agency 
understands its own plans and procedures.57 These approaches and 
methodologies, although divergent in their perspectives, are similar in their 
ultimate objectives and contributions to the Red Team context.58 

There has also been a disparity on the issue of where to focus Red 
Teaming efforts, in terms of whether the focus should be entirely on role-playing 
adversaries, or whether the true emphasis is on challenging aspects, plans, programs, etc. 


52 B. Tuchman, The Guns of August (New York, NY: Macmillan Publishing Co., Inc., 1962), 

53 Malone and Schaupp, “The Red Team, Forging a Well-Conceived Contingency Plan,” 23. 

54 Ibid., 24. 

55 Red Team Handbook, version 4, 23. 

56 Sandoz, “Red Teaming: A Means to Military Transformation,” 17. 

57 Meehan, “Red Teaming for Law Enforcement,” 3. 

58 Kirkpatrick et al., “Staying One Step Ahead,” 2. 

of the enterprise that establishes the Red Team.59 Shifting the focus from the 
enemy perspective to the originating organization’s perspective places the Red 
Team more in the role of the devil’s advocate, enabling the team to offer a 
critique of the organization’s assumptions, strategies, plans, concepts, programs, 
projects and processes, and sometimes offering alternatives to those efforts.60 

D. RED TEAMING HISTORICAL USE 

The second sub area of literature related to Red Teaming explores its 
development through history. Researchers seem to agree that the origins of Red 
Teaming stem from the nineteenth century when German military strategists 
developed the Kriegspiele (war game). Kriegspiele, which was a rules-based map 
simulation war game, provided the opportunity to train and test concepts and 
plans, while evaluating leadership.61 Post-WWI, Germany, England, France, and 
the United States all utilized war-gaming on various levels to improve and/or 
validate lessons from WWI and develop plans for future conflicts. 

One of the best-documented war games is the Strategy and Force 
Evaluation (SAFE) hosted by Rand Corporation in the 1960s, which yielded 
branch points that inspired seminars to examine the consequences of the 
strategies selected and those rejected.63 In the true sense of war-gaming, during 
the Cuban Missile Crisis (1962), President Kennedy organized the Executive 
Committee of the National Security Council to advise him on the situation and 
potential U.S. responses to the unfolding crisis.64 This move was a deliberate 
attempt to consider alternative courses of action as a counterbalance to the 

59 The Role and Status of DoD Red Teaming Activities, 2. 

60 Ibid., 4. 

61 Gary D. Brewer and Martin Shubik, The War Game: A Critique of Military Problem Solving 
(Cambridge, MA: Harvard University Press, 1979), 23. 

62 Homeland Security Advisory Council, “Top Ten Challenges Facing the Next Secretary of 
Homeland Security” (Washington, D.C., Government Printing Office, September 11, 2008), 12. 

63 Dietrich Dörner, The Logic of Failure: Why Things Go Wrong and What We Can Do To 
Make Them Right (New York: Metropolitan Books, 1996), 169. 

64 The Role and Status of DoD Red Teaming Activities, 3. 

strong military response being advocated by other advisors, primarily military 
chiefs. Although not always called Red Teaming, the literature agrees that 
throughout history, the military and government decision makers have employed 
Red Teaming fundamentals during times of stress and conflict to provide 
decision makers with a better understanding of how their actions and decisions 
will be perceived by the enemy, alternative analysis, and a challenge to their own 
organization’s assumptions. 

E. CATEGORIZING TYPES OF RED TEAMING 

The third sub area of literature dealing with the issue of Red Teaming 
relates specifically to the way Red Teaming is executed. Here there is significant 
incongruity about how to conduct Red Teaming. These varying methods of 
implementing the Red Team concept contribute in part to the confusion of 
establishing a definition.65 Army Red Teaming can focus on very technical issues 
and vulnerability analyses, focusing on capabilities instead of the probability the 
enemy will use those capabilities.66 

The broad spectrum of Red Teaming approaches can be 
categorized along two broad dimensions: (1) passive or active, and (2) structured or 
unstructured.67 Active Red Teaming is often used to physically test friendly 
tactics before using them in a live or hostile environment. Active Red Teaming is 
used to train operational staff to respond to adversarial actions, by serving as 
surrogate adversaries and competitors.68 The purpose of active Red Teams is to 
sharpen skills, expose vulnerabilities that adversaries might exploit and, in 
general, increase understanding of potential actions and counter-actions of 
potential adversaries.69 


65 The Role and Status of DoD Red Teaming Activities, 4. 

66 Ibid., 5. 

67 Malone and Schaupp, “The Red Team: Forging a Well-Conceived Contingency Plan.” 

68 Kirkpatrick et al., “Staying One Step Ahead,” 4. 

69 The Role and Status of DoD Red Teaming Activities, 4. 

Passive Red Teaming is used to provide alternative perspectives, 
challenge existing assumptions, and identify how the enemy may adapt to U.S. 
capabilities.70 These categories are reflected within the numerous Red Teams 
throughout the U.S. government.71 The purpose of passive Red Teaming is to 
aid the organization by providing critical analysis in order to anticipate problems 
and avoid surprise.72 

The literature specifically addresses these methods of facilitating Red 
Teaming by analyzing the different approaches of existing Red Teams.73 For 
example, the Navy’s program, although originally created to identify potential 
vulnerabilities that might put the U.S. Navy at risk, now evaluates and assesses 
findings from the intelligence community.74 Comparatively, the Air Force Red 
Team program provides assessment of concepts and technology in order to 
evaluate and recommend friendly system improvements. 

One essential product of Red Teaming is the study and research of what 
the opponent or the enemy is doing in order to understand, avert, or at least 
mitigate the possible harmful effects of what the adversary plans to do.76 The 
U.S. now faces emerging threats that are more modern and better equipped in 
knowledge, information, and technology. This includes new technology in 
armament, new kinds of warfare, weaponry, and other dynamics of battle, 
coupled with wider fields of destruction and violent international fighting. The 
threat is also non-traditional; they are not nation states, but instead the potential 
opponents are fanatics and are committed to the extreme sacrifice of going 


70 Kirkpatrick et al., “Staying One Step Ahead,” 4. 

71 Malone and Schaupp, “The Red Team: Forging a Well-Conceived Contingency Plan.” 

72 The Role and Status of DoD Red Teaming Activities, 4. 

73 Malone and Schaupp, “The Red Team: Forging a Well-Conceived Contingency Plan.” 

74 Ibid. 

75 Ibid., 

76 The Role and Status of DoD Red Teaming Activities, 2. 

suicidal in order to achieve their objectives.77 This new threat was exemplified in 
the case with the hijackers on September 11, 2001, and has continued to evolve 
through the attempted bombing of Flight 253.78 

The policy of using Red Teaming as a mechanism for threat emulation or 
threat assessment fails to fully utilize the broader scope of Red Teaming, which 
includes the analytical side of Red Teaming. Historically, military organizations 
have used wargaming with adaptive simulated enemies to test war plans, as well 
as emerging concepts.79 The U.S. military has been using Red Teams to test 
their planning for over thirty years.80 

DHS uses its Critical Infrastructure Red Team in a traditional role of threat 
emulator, seeking to understand the enemy’s perspective and anticipate the 
enemy’s conduct in order to role-play bad actors in DHS exercises. The goal is to 
improve security systems and personnel responses to enemy actions. These 
Red Teams seek to identify vulnerabilities within these critical infrastructure 
security systems so that areas of weakness can be identified and strengthened, 
and vulnerabilities eliminated or mitigated.81 DHS Red Teams focus on how an 
identified or created adversary could defeat security systems of a particular critical 
infrastructure target.82 Often, this physical Red Teaming entails individuals 
portraying actual, realistic, adversary action and counteraction to security 
procedures during an exercise. The Red Team will act according to a selected 
group’s motivations, capabilities, and intent, based upon known terrorist tactics, 
techniques, and procedures.83 

77 The 9/11 Commission Report: Final Report of the National Commission on Terrorist 
Attacks Upon the United States. 

78 U.S. Senate, Homeland Security and Governmental Affairs Committee, “Intelligence 
Reform: The Lessons and Implications of the Christmas Day Attack,” Dennis Blair, Testimony 
(January 20, 2010). 

79 Peter Andrews, Executive Technology Report, IBM Advanced Business Institute (2005). 

80 Ibid. 

81 Alt, Critical Infrastructure. 

82 Ibid. 

83 Ibid. 





Another one of the DHS Red Team strategies is to employ Red Team 
techniques within the intelligence and warnings area.84 Within the Department 
of Homeland Security, as well as the homeland security community, a void exists 
in the area of decision support Red Teaming capabilities and the broader 
application of Red Team fundamentals. This capability is designed to assist 
leaders in thinking about the enemy’s potential responses to security initiatives.85 
The Homeland Security Advisory Council recently highlighted this deficiency to 
the incoming Secretary by suggesting that a mechanism must be developed to 
enhance a leader’s ability to think like our adversaries, or to look at problems 
through different lenses and challenge institutional assumptions.86 

The U.S. has a continuing need to better understand and anticipate the 
adaptive and complex nature of our adversaries in order to reduce our 
vulnerabilities and increase security.87 For years, the U.S. military has 
recognized this need to anticipate what the enemies’ actions will be, thus the 
development of kriegspiele and wargaming as an effort to “write history in 
advance.”88 The Red Teaming concept is an extension of that historical effort to 
increase security and defeat or mitigate the impact of the enemies’ actions.89 The 
need for more extensive and broader applications of Red Teaming is greater 
today, due to increased complexity and the adaptive nature of the security threat 
facing the U.S.90 


84 Meehan, “Red Teaming for Law Enforcement,” 1. 

85 The Role and Status of DoD Red Teaming Activities, 15. 

86 Homeland Security Advisory Council, “Top Ten Challenges Facing the Next Secretary of 
Homeland Security” (Washington, D.C., Government Printing Office, September 11, 2008), 12. 

87 Kirkpatrick et al., “Staying One Step Ahead,” 1. 

88 Richard Sinnreich, “Red Team Insights from Army Wargaming,” Defense Adaptive Red 
Team Working Paper #02-3 (September 2002), 15. 

89 Ibid., 15. 

90 Kirkpatrick et al., “Staying One Step Ahead,” 44. 

III. RED TEAM FUNDAMENTAL CONCEPTS 


We can’t solve problems 
by using the same kind of thinking 
we used when we created them. 

—Albert Einstein 

The Red Team fundamentals include critical thinking and analysis to 
challenge and provide alternatives.91 Critical thinking forms the foundation of Red 
Teaming. Our thinking, planning, and actions are often tainted, biased, distorted, 
partial or uninformed by our experiences or some starting point we use to filter 
information.92 Red Teams use critical thinking to analyze plans, operations, and 
concept developments for the head of the agency. Although the leader can do 
this alone, it is often virtually impossible for the leader or the staff to avoid the 
gravitational pull of the organization, to see and interpret facts a certain way, and 
to support the agency position.93 This thesis will examine a case 
study of a security risk posed to homeland security, analyzing that 
risk through the Red Team fundamental concepts to determine whether 
doing so would have improved the decision-making process. 

A. ANALYZING TO CHALLENGE 

One of the most critical Red Team analytical concepts and skill sets 
utilized by trained Red Teams is to identify and challenge stated and implied 
assumptions made by their organization. Assumptions are information accepted 
as truth in the absence of facts, and they are utilized to continue planning and 
operations.94 Assumptions come in various forms, both stated and implied, that 
are used by decision makers to reach a conclusion. Some assumptions are the 

91 Red Team Handbook, version 4, 11. 

92 Linda Elder and Paul Richard, The Miniature Guide to Critical Thinking Concepts and 
Tools, 2nd ed. (Dillon Beach, CA: The Foundation for Critical Thinking, 2005), 1. 

93 Longbine, “Red Teaming: Past and Present,” 61. 

94 Headquarters Department of the Army, Field Manual 5-0: The Operations Process 
(Washington D.C., March 2010), 2-8. 

result of mirror imaging, cultural bias, arrogance, or a product of successful 
patterns. By first identifying and then challenging these assumptions, the Red 
Team is able to raise the decision maker’s awareness of the assumptions 
and show how they may impact his decision or skew his and his staff’s 
understanding of the operating environment. A thorough review of the 
assumptions can help ensure the assessment does not rest on faulty logic or a 
false premise. One of the most difficult challenges a decision maker can face is 
identifying hidden assumptions; ideas held to be true, often at the unconscious 
level, are seldom examined, and almost never challenged. 

B. THE ROLE OF DEVIL’S ADVOCATE 

Challenging the status quo is often referred to as playing the “devil’s 
advocate.” A devil’s advocate must provide closer scrutiny to the assumptions or 
mind set by challenging the prevailing wisdom, or strongly held view, by building 
the best possible case for an alternative explanation. This practice was originated 
by the Catholic Church during the canonization of a saint. The Church would 
appoint a canon lawyer to argue against the canonization of the candidate.96 
During the process, the “devil’s advocate” took a skeptical view to challenge the 
position of the petition in order to fully exercise the process of canonizing a 
candidate, to expose any weaknesses, and to ensure only worthy candidates 
were approved for sainthood. Devil's advocacy takes a formal statement of a 
proposed course of action and analyzes the underlying proposal for 
inconsistencies, inaccuracies, and irrelevancies. A critique is then prepared of 
the proposed action by building the best possible case for an alternative 
explanation, based on this examination. If the organization’s proposal is found to 
be unsound, the devil's advocate should develop a reanalysis of the proposal.97 This 


95 Longbine, “Red Teaming: Past and Present,” 14. 

96 Virgil Robinson, comment on “History of the Devil’s Advocate,” The Possibility Advocate 
Blog, comment posted September 2008. 

97 Charles Schwenk, “Devil’s Advocacy in Managerial Decisions,” Journal of Management 
Studies 21, no. 2 (April 1984): 153-168. 

technique is best used to challenge a key assumption or consensus that the 
organization cannot afford to get wrong. By deliberately challenging the 
organization’s own plans, programs and assumptions, Red Teaming can identify 
strengths, weaknesses, opportunities and threats that were not considered, or 
not given proper critical review. This action will assist the leader and the 
organization in militating against the comfort or complacency of accepted 
assumptions and beliefs, and ensure the decision will withstand close scrutiny. 

C. ALTERNATIVE ANALYSIS 

Alternative analysis is used as a decision-support tool in numerous 
agencies within DoD, to include logistics acquisition and Army Corps of Engineers 
problem solving. Alternative analysis is accomplished by providing the decision 
maker with a different picture of the operating environment, framing the problem 
differently, presenting different potential solutions, and highlighting the 
vulnerabilities of the adversary.98 On key issues where there are competing 
views within an organization, a Team A/Team B analysis is one technique 
that can help decision makers understand the merits of both opposing views and 
facilitate an independent decision based upon the merits. This decision-support 
tool is utilized to provide the decision maker with greater understanding of the 
situation, problem, and overall operating environment. Alternative analysis is 
used to improve the intelligence process and estimates. The Report to the President 
of the United States (2005) states: 

The widely recognized need for alternative analysis drives many to 
propose organizational solutions, such as “red team” and other 
formal mechanisms. Indeed, the Intelligence Reform and Terrorism 
Prevention Act mandates the establishment of such mechanisms to 
ensure that analysts conduct alternative analysis. Any such 
organs, the creation of which we encourage, must do more than 
just alternative analysis, though. The Community should institute 
formal system for competitive — and even explicitly contrarian — 


98 Longbine, “Red Teaming: Past and Present,” 11. 

analysis. Such groups must be licensed to be troublesome. 
Further, they must take contrarian positions, not just ones that take 
a harder line.99 

Some techniques used to generate alternative analysis involve analysis of 
competing hypotheses and Team A/Team B exercises, among others. The value 
of spending time and resources to conduct alternative analysis is found in the 
benefits to the organization and decision maker, through filling gaps in 
understanding, identifying vulnerabilities and opportunities, avoiding groupthink, 
mirror imaging, cultural missteps and organizational tunnel vision. Red Teaming 
is an organizational solution to ensure that alternative, even contrarian, positions 
receive adequate effort and attention by decision makers.100 Decision makers 
and organizations that engage in alternative analysis improve their decision 
making, identify more effective action, and develop a more holistic understanding 
of the possible outcomes related to decisions.101 

D. CONSIDERING ALTERNATIVE PERSPECTIVES 

Alternative perspectives are designed as the antidote to the problem of 
groupthink and its negative impact on decision outcomes.102 Groupthink is 
defined as, “a mode of thinking that people engage in when they are deeply 
involved in a cohesive in-group, when members striving for unanimity override 
their motivation to realistically appraise alternative courses of action.”103 This 
problem can occur when a strong leader influences the group’s analysis, or 
through group pressures to get the job done or slant their analysis a certain way. 
Bias and other behaviors can reduce the quality of analysis and ultimately the 
decision. A by-product of groupthink can appear when groups apply their 

99 The Commission on the Intelligence Capabilities of the United States Regarding Weapons 
of Mass Destruction, “Report to the President of the United States” (March 31, 2005), 170. 

100 Ibid., 170. 

101 The Role and Status of DoD Red Teaming Activities. 

102 Phillip Johnson, “Effects of Groupthink on Tactical Decision-Making” (Monograph, School 
of Advanced Military Studies, Fort Leavenworth, Kansas, 2008). 

103 Irving L. Janis, Groupthink: Psychological Studies of Policy Decisions and Fiascoes, 2nd 
rev. ed. (Boston: Houghton Mifflin, 1983), 9. 





attitudes, capabilities, beliefs, and cultural values to another. By anticipating 
potential cultural perceptions of partners and adversaries, the decision maker 
can anticipate second- and third-order effects of actions and decisions in a 
multicultural environment, and anticipate implications to other actions at the strategic 
or tactical level. 

Surrogate Adversary/Role Play is one technique used to generate 
alternative perspectives. Trying to understand how a foreign leader or 
decision-making group may behave is a challenge. At the tactical level, Red Teams within 
DHS usually adopt this approach to attempt to role-play a certain threat group 
and attempt to defeat security systems and procedures.104 The inherent risk 
involved in such an exercise is imputing or assigning the same motives, values, 
or understanding of an issue that the friendly organization or friendly leader 
holds. This problem is referred to as “mirror imaging.” It typically occurs where 
analysts have spent years developing information and knowledge regarding a 
particular threat or enemy.105 This base of accrued knowledge becomes a prison 
and stifles the analyst’s creative thinking. By utilizing the technique of applying 
alternative perspectives to a problem, situation or course of action, the decision 
maker is better able to understand the enemies’ and U.S. security partners’ 
beliefs, cultural constructs and values, which influence their decision making. 

Red Teaming fundamentals are tools that can be used by a group or an 
individual leader to develop greater situational awareness and make better 
decisions. An organization’s planning and decision making can be significantly 
impacted by skilled, trained Red Teams. Unfortunately, educationally formed 
bias and a preference for certain analytical approaches to problem solving can 
make an organization’s planning and decision making sub-optimal. A common 


104 The Role and Status of DoD Red Teaming Activities. 

error made by leaders and groups in problem solving is the failure to account for 
the enemy’s ability to adapt, and the constantly changing picture of the operating 
environment. 

The security environment facing the U.S. is constantly adapting and 
changing to counter U.S. security efforts. DHS leadership already uses Red 
Teams in an effort to identify how security threats are adapting to our 
technological advantages, but expansion of their usage, and usage of Red Team 
fundamental concepts, is an important area for further research. 

IV. RESEARCH DESIGN 


Leaders within the Department of Homeland Security, and those 
contributing to the security of our country, seek to make good decisions that will 
continue to ensure the safety and security of our country. To do so, they are 
often required to make and execute effective decisions faster than the enemy or 
threat can do the same. Unfortunately, the security-operating environment facing 
the United States continues to become more complex and often leads us to bad 
thought habits, which set failure in motion from the beginning.108 

In this chapter, the researcher familiarizes the reader with the case 
organization and methodology, and discusses how the technique will be applied 
to the security situation involving the Christmas Day bomber and Flight 253 into 
Detroit. Case study methodology is routinely criticized because of its dependence 
on a single case, creating difficulty in reaching a generalized conclusion. The 
established goal of a researcher using case study methodology is to set 
parameters that could be applied in all research, thus even with a single case, 
one could draw realistic conclusions.109 It can be increasingly difficult to analyze 
what was known prior to an incident, versus what is known after an incident 
occurs and a thorough investigation is completed. 

Case studies provide a holistic understanding of the problem set. In a 
case study involving Flight 253 and the attempted bombing by Umar Farouk 
Abdulmutallab, an agent of Al Qaeda, the problem set is not about a single 
screening checkpoint failing. Instead, it asks why the layers of security 
implemented by TSA failed to stop this terrorist. 

By identifying and challenging assumptions inherent within TSA’s security 
system, analyzing the problem using an alternative model, and looking at the 
problem from different perspectives, could the system have been made more 

108 Dörner, The Logic of Failure,”?. 

109 Winston Tellis, “Introduction to Case Study,” The Qualitative Report 3, no. 2 (July 1997). 

secure? Through the examination of these issues, this research hopes to 
address the overall issue of whether broader utilization of decision support Red 
Teaming will effectively assist DHS and its partners in making better decisions to 
help make our country safer. 

The goal of this research is to determine if more effective, broader 
utilization of decision support Red Teams and the fundamental concepts of Red 
Teaming can positively affect decision making within DHS. This research deals 
with the nature of the problem faced by the Department of Homeland Security 
through the Transportation Security Administration of securing some 450 
airport terminals across the U.S. Currently, active physical Red Teams are 
developing across the homeland security horizon and the Border Patrol is 
establishing Red Teams.110 Other agencies within DHS and partners with DHS 
are becoming increasingly interested in developing active Red Teams.111 These 
teams are focused upon threat emulation and how to defeat existing security 
systems. Although this is valuable, by not also applying Red Team fundamentals 
—of challenging assumptions of the organization, alternative analysis in concept, 
planning and operational design, and alternative perspectives from friendly 
agencies and partners’ points of view—DHS is missing an opportunity to create a 
learning organization from these various perspectives. 

This research uses a selected case study, combined with evidence and 
analysis from historical examples, to determine if decision makers can benefit 
from Red Teams and Red Team fundamental concepts. The challenges posed 
to decision making within DHS, and symptoms of defective decision making, may 
provide evidence to support conclusions about Red Team utilization in the case 
study. 

This case study analysis will help homeland security leaders become 
more familiar with the fundamentals of Red Teaming so that they can incorporate 


110 poy Watson (COL, instructor, UFMCS) discussion during conference January 27, 2010. 

111 Observations from attending DHS Second Red Teaming Conference, March 2009. 

them and challenge their staffs to utilize these fundamental Red Teaming 
concepts in the development of the organization’s concepts, plans, and strategic 
initiatives. 

V. CASE STUDY AND EVALUATION 


The Department of Homeland Security protects the United States 
transportation industry through its subordinate agency, the Transportation 
Security Administration (TSA).112 Created just two months after the 9/11 attacks, 
TSA has become a fixture of the airline transportation environment. TSA’s stated 
mission is to protect the nation’s transportation systems to ensure freedom of 
movement for people and commerce.113 TSA’s role in homeland security is to 
imagine, assess, and mitigate all threats in all modes of transportation.114 It is 
first essential that we have an overview of the security system that was 
designed to, and is acting to, keep terrorists from entering the United States. 
Transportation security begins at the origin of where transportation assets begin 
their journey to America’s shores. Protecting America from future terrorist 
attacks cannot be dissected as an isolated issue. Denial of access to terrorists 
must also be considered in the overall threat to the issue of border security, 
involving facets of immigration enforcement, drug trafficking, and other illegal 
entries. The holes in our security that allow entry through our ports of entry, 
which would allow drug smugglers, illegal immigrants, and others to enter, would 
also allow a terrorist to gain entry to the U.S. Among the thousands of visitors, 
immigrants, and students who come to America every year, which one—admitted 
on a temporary visa, passport or other document who overstays that visa, or in 
fact never shows up for school—will be the next terrorist to kill Americans? 

For purposes of this case study, we will focus on only one aspect of the 
overall TSA responsibilities, which is commercial airline security. Airline security 
refers to procedures as well as infrastructure designed to avoid security problems 

112 U.S. Government Accounting Office, Report to the Chairman, Committee on Homeland 
Security, House of Representatives: Transportation Security: TSA Has Developed a Risk-Based 
Covert Testing Program, Could Better Mitigate Aviation Security Vulnerabilities Identified Through 
Covert Tests (Washington D.C. Government Printing Office, August 2008) GAO-08-958, 42. 

113 Transportation Security Administration, “Transportation Security Administration Mission 
Statement.” 

114 Transportation Security: TSA Has Developed a Risk-Based Covert Testing Program. 

aboard aircraft.115 The perception amongst the media and most Americans is 
that security for air travel is entirely based in airports. Even after this most recent 
attempt by the Christmas Day bomber, the media focus is still on checkpoint 
security.116 TSA continues to set the conditions for the perception that security of 
the airplane is set at the checkpoints. The checkpoints are there to make sure 
that terrorists cannot bring anything aboard the plane that would enable them to 
take it over or destroy it.117 These are called “prohibited items” and cannot be 
brought to a checkpoint, into the secure area of an airport, or aboard an 
aircraft.118 

The airport checkpoint, however, is just one layer of a multi-layer security 
approach used by TSA to ensure the security of the traveling public and the 
nation's transportation system.119 Because of the checkpoints' visibility to the 
public, TSA is most associated with them.120 Other layers of security used by 
TSA include intelligence gathering and analysis, checking passenger manifests 
against watch lists, random canine team searches at airports, federal air 
marshals, federal flight deck officers, and more security measures—both visible 
and invisible to the public.121 


115 United States General Accounting Office, Aviation Security: Efforts to Measure 
Effectiveness and Address Challenges, Testimony before the Committee on Commerce, Science 
and Transportation, U.S. Senate, Statement of Cathleen A. Berrick, Director Homeland Security 
and Justice Issues, Washington D.C. Government Printing Office, November 5, 2003 
(GAO-04-232T), 2. 

116 Scott Mayerwitz, “What's Different With Airline Security Today A Look at How Air Travel 
Has Changed and What You Now Need to Do at the Airport.” 

117 United States Government Accountability Office, Report to Congressional Requesters: 
Aviation Security: DHS and TSA Have Researched, Developed, and Begun Deploying Passenger 
Checkpoint Screening Technologies, but Continue to Face Challenges, Washington D.C. 
Government Printing Office, October 2009, (GAO-10-128) 1. 

118 Transportation Security Administration, “TSA: Travel Assistant.” 

119 United States Government Accountability Office, Report to Congressional Requesters, 20. 

120 CBS News, 60 Minutes, “TSA Screening Is Security Theater.” 

121 United States Government Accountability Office, Report to Congressional Requesters, 23. 





A terrorist faced with multiple security layers is facing a stronger, more 
formidable system, and is more likely to be deterred or fail during the attempted 
attack.122 


[Figure: “20 Layers of Security”] 

Figure 2. TSA Layers of Security 

A. SECURITY LAYERS IN PLACE TODAY 

Visible Intermodal Prevention and Response (VIPR), Travel Document 
Checker, Behavior Detection Officers (BDO), Secure Flight (software utilized to 
cross check traveler watch list), Federal Air Marshals (FAMs), Federal Flight 
Deck Officer (FFDO), Airline and support company Employee Screening, and 
Checkpoint Screening Technology.123 


122 Transportation Security Agency, “TSA: Layers of security, what we do.” 

123 Ibid. 

The security systems TSA has arrayed today against a single terrorist or a 
group of terrorists, to prevent their boarding and blowing up an airplane, appear 
to be overwhelming. This layered system of defenses is a monument to the 
hardworking men and women of TSA who go to work every day, and try to 
prevent another 9/11 style attack. Nevertheless, have they succeeded in making 
air travel safer? The only measurement of effectiveness that seems relevant is 
that, so far, no terrorist or group has succeeded in using a commercial aircraft as 
a weapon. TSA struggles with determining if its security initiatives are 
effective.124 While it is true that no other terrorist attempts have succeeded, this 
success seems to be predicated on luck rather than actual effectiveness of TSA 
security efforts. When a terrorist event does not happen, is it because our 
security worked? Or were the terrorists merely unlucky? So far, we know TSA has 
succeeded in intercepting seven million prohibited items at airport checkpoints. If 
you break down those seven million items, only six hundred were firearms, which 
equates to .008 percent of items intercepted. Nearly 100 percent of what TSA 
succeeded in keeping off the airplanes consisted of items such as tweezers, 
breath fresheners, and lighters.125 

These checkpoints at the 400 airports across the U.S. represent to most 
Americans TSA’s security efforts.126 TSA continues to enhance its security 
efforts at these checkpoints through investment of millions of taxpayer dollars in 
new technology, aimed at keeping prohibited items from making it onto 
commercial aircraft, yet gaps in security remain, and prohibited items still get 
through.127 Despite TSA’s attempts to build a robust, impregnable fixed-security 


124 United States General Accounting Office, Aviation Security: Efforts to Measure 
Effectiveness and Address Challenges, 20. 

125 Veronica Rugy, “TSA Disaster, Leave it to the government,” National Review Online 
(May 5, 2005). 

126 U.S. Senate, Committee on Commerce, Science and Transportation, Implementing 
Recommendations of the 9/11 Commission Act of 2007, October 16, 2007. Washington D.C., 
Government Printing Office, 2007. 

127 Homeland Security News Wire, “Billions spent on airport security, but major security gaps 
remain.” 

checkpoint and airport, no security is impenetrable.128 Have we merely built a 
modern-age equivalent to the Maginot line? The Maginot line refers to a series 
of fortifications built along the French and German border, by France, as an 
impregnable defensive line through which no invader's army could pass. This 
method of defense, building fortress-type perimeters, dominated the French 
security mindset for years.129 The French were so convinced that this static 
defensive line would protect them, they made basic assumptions that the heavily 
forested flanks of the Maginot line could not be effectively breached by tank 
units. This assumption ultimately proved false when the German Army 
outflanked the Maginot defensive line, leading to the ultimate defeat of France.130 

TSA continues to focus on improving the security effectiveness of its airport 
checkpoints by investing in improved screening technology.131 Yet, individuals, 
not just trained terrorists, continue to find ways to bypass, defeat, and outflank 
these security efforts. Are we building a technological Maginot line in our 400 
airport checkpoints? Has the focus on identifying and stopping prohibited items 
caused a shift in America’s airline security focus from catching and stopping 
terrorists, to stopping things? 

Stopping terrorist attacks on the U.S. is the primary focus of several 
government agencies, and establishing and maintaining internal security is a job 
that takes more than one agency’s efforts to be successful.132 One of the 
continuing hurdles faced by TSA and DHS is the institutional barriers created by 
bureaucracy. The silo effect of distinct cultures, budgets, and narrowly focused 
career ascendency compels government agencies toward self-protectiveness, 

128 U.S. Senate, Committee on Commerce, Science and Transportation, Implementing 
Recommendations of the 9/11 Commission Act of 2007, 3. 

129 Bryan Dickerson, “The U.S. Army vs. The Maginot Line,” Military History Online 
(November 9, 2006). 

130 Ibid. 

131 Homeland Security News Wire, “Billions spent on airport security, but major security gaps 
remain.” 

132 Arvind Gupta, “Learning from the American Experience in Counter Terrorism,” IDSA 
Comment (Institute for Defense Studies and Analysis, January 30, 2009). 

insularity, and allegiance to their own agency-based advocacy and 
independence.133 There are also deeply ingrained traditions of rivalry and 
palpable struggles for control, especially among organizations with similar or 
overlapping missions and scope of responsibility.134 TSA, as part of the DHS 
counterterrorism effort, must be fully integrated into this effort, and unification of 
counterterrorist efforts must be empowered to occur between federal and state 
agencies.135 

B. UMAR FAROUK ABDULMUTALLAB: THE CHRISTMAS DAY BOMBER 

As a glaring example of failed airline security, Umar Farouk 
Abdulmutallab, a Nigerian citizen, is accused of trying to detonate an explosive 
device hidden on his body as the plane approached Detroit on a flight from 
Amsterdam on Christmas Day, 2009.136 He was charged with trying to blow up a 
transcontinental airliner. The charges include attempted murder and trying to use 
a weapon of mass destruction to kill nearly 300 people.137 

The federal criminal complaint filed against Mr. Abdulmutallab identified 
the explosive as pentaerythritol tetranitrate, or PETN. Umar had been placed on 
a UK watch list and barred from entering Britain earlier that year.138 During his 
interview with FBI agents, Umar informed them that America could expect more 
attacks. He indicated there were more young men, just like him, in Yemen who 
would strike soon.139 This was supported by a tape released four days before 

133 Leonard J. Marcus, Barry C. Dorn, and Joseph M. Henderson, “Meta-Leadership and 
National Emergency Preparedness, Strategies to Build Government Connectivity,” Working 
Papers, Center for Public Leadership, (U.S. Center for Disease Control and Prevention, 2005) 43. 

134 Ibid., 42. 

135 Ibid. 

136 News Service, “Christmas Day Bomber Plead Not Guilty,” New York Post, January 8, 
2010, online edition. 

137 New York Times, “Umar Farouk Abdulmutallab,” February 3, 2010, Times Topics, 
People, Online Edition. 

138 AFP, “Christmas Day bomber 'was on UK watch list,'” December 28, 2009, Online 
Edition. 

139 Brian Ross and Richard Esposito, “Abdulmutallab: More Like Me In Yemen,” ABC News, 
December 28, 2009. 

the attempted bombing of Northwest Flight 253, in which the leader of al Qaeda 
in Yemen boasted of what was planned for Americans: “We are carrying a bomb 
to hit the enemies of God.”140 Umar had applied through the Department of State 
for a regular multiple-entry tourist visa, valid until June 12, 2010.141 

C. AMERICA’S PERCEPTION OF TERRORISTS FUELED BY HOLLYWOOD 

Today’s media culture has created a picture of the modern terrorist by 
attempting to portray the essence of contemporary jihadist violence.142 The 
terrorist exists beyond constraining factors of history, beyond politics, beyond 
psychology—a person defined as irredeemably evil and irrational.143 The 
Hollywood mindset—that terrorists are Muslim fanatics—dominates film and 
often Americans’ perceptions.144 Even the U.S. intelligence community fell victim 
to this flawed perception when it developed a template for the modern terrorist, 
known as MAAM, “military-aged Arab male.”145 Terrorists are consistently 
portrayed as characters who are desperate, poor, uneducated and have few 
prospects.146 This new “terrorist personality”—faceless, sinister, innately 
violent—has appeared hundreds of times over in the recent cycle of Hollywood 
terrorist-action films that continue to reap enormous box-office revenues.147 

Umar, the Christmas Day Bomber, was not like the Hollywood terrorists. 
At 23, Umar led a life of privilege as the son of a prominent Nigerian banker. He 


140 Ross and Esposito, “Abdulmutallab: More Like Me In Yemen.” 

141 The Whitehouse, “Remarks from the President on strengthening intelligence and aviation 
security.” 

142 Carl Boggs and Tom Pollard, “Hollywood and the spectacle of terrorism,” New Political 
Science (October 2006). 

143 Ibid. 

144 Gregory D. Miller, “Teaching about Terrorism: Lessons Learned at SWOTT,” Political 
Science & Politics, 42, 2009, 773-779. 

145 Malcolm Nance, “How (Not) to Spot a Terrorist,” Foreign Policy (April 10, 2008). 

146 Miller, “Teaching about Terrorism,” 775. 

147 Boggs and Pollard, “Hollywood and the spectacle of terrorism.” 

attended boarding school, and was an engineering student attending one of the 
leading universities in London.148 Former counterterrorism czar Richard Clarke 
stated, 


This is the kind of person who lives in Europe and the U.S. who’s 
being radicalized increasingly. Terrorists are often sons of middle 
to upper class families and from well-educated families who are 
being radicalized at long distance over the internet.149 

Umar’s father was previously the economics minister of Nigeria and 
recently retired as the chairman of the First Bank of Nigeria; he holds the 
Commander of the Order of the Niger, as well as the Italian Order of Merit.150 

D. RED FLAGS AND WARNINGS 

Dr. Magnus Ranstorp of the Center for Asymmetric Threat Studies at the 
Swedish National Defense College said, 

On the one hand, it seems he's been on the terror watch list but not 
on the no-fly list. That doesn't square because the American 
Department for Homeland Security has pretty stringent data-mining 
capability. I don't understand how he had a valid visa if he was 
known on the terror watch list.151 

Umar’s father, Dr. Mutallab, had informed the U.S. embassy of his son's 
activities because of his growing concern about the radicalization of his son’s 
religious views.152 He was also reported to have been "surprised" his son had 
been allowed to travel after he had reported him to the authorities.153 It was 
reported that the U.S. authorities had known for at least two years that Umar 
could have terrorist ties. He was on a list that included people with known or 

148 BBC News, “Police search London flat in US plane attack inquiry” (December 26, 2009). 

149 Ibid. 

150 Andrew Johnson and Emily Dugan, “The inside story of the privileged student who 
embraced al-Qaida and tried to blow a transatlantic jet out of the sky - and the lessons for us all,” 
The Independent, December 27, 2009, Online Edition. 

151 Ibid. 

152 Tom Davenport, “Why they didn’t connect the dots,” The Harvard Business Review 
Blogs. Comment posted January 8, 2010. 

153 Johnson and Dugan, “The inside story of the privileged student who embraced al-Qaida.” 

suspected contacts or ties to a terrorist or terrorist organization.154 The list is 
maintained by the U.S. National Counterterrorism Center and includes about 
550,000 names.155 

Another incident that foreshadowed the December 25 bombing 
attempt occurred on November 13, 2009: A man tried to board a commercial 
airliner in Mogadishu, Somalia, carrying powdered chemicals, liquid and a 
syringe, which were originally believed to have been capable of causing an 
explosion.156 The case bears similarities to the plot to blow up the Detroit-bound 
airliner. The Somali man, whose name has not yet been released, was arrested 
by African Union peacekeeping troops before the Daallo Airlines flight took off. It 
had been scheduled to travel from Mogadishu to the northern Somali city of 
Hargeisa, then to Djibouti and Dubai.157 

In response to the information received from Umar’s father and other 
information the intelligence community collected, the U.S. embassy in Abuja sent 
a message to all U.S. diplomatic missions and the Department of State in 
Washington D.C., where the information was shared with the National 
Counterterrorism Center’s Terrorist Identities Datamart Environment (TIDE) 
database.158 Despite this fact, the derogatory information associated with Umar 
Farouk Abdulmutallab did not get shared throughout the Intelligence Community.159 
Umar was not placed on either the No Fly or Selectee list, nor was his tourist visa 
revoked.159 


154 Johnson and Dugan, “The inside story of the privileged student who embraced al-Qaida.” 

155 Ibid. 

156 CNN, “Somali forces: Would-be flier was not carrying 'bomb-making materials,'” 
December 31, 2009. 

157 Ibid. 

158 Intelligence Reform: The Lessons and Implications of the Christmas Day Attack, Part I, 
Dennis C. Blair Testimony January 20. 

159 Jake Taper, Comment on “Hoekstra on Underwear Bomber: ‘We Missed Him at Every 
Step.’” The ABC News Blog, comment posted December 28, 2009. 

Hiding explosives in underwear is a new terrorist tactic, but the overall 
strategy remains the same—bring terrorism to America.161 In August, in a failed 
terrorist assassination attempt on the Saudi Prince Mohammed bin Nayef, a 
suicide bomber used a similar technique of implanting explosives in his body.162 
This creates new challenges for airport screeners around the world, since a part 
of the explosive could be hidden either inside the inner thigh or wrapped over 
that area with skins, making it extremely difficult to detect during a normal airport 
screening search.163 The ebb and flow between terrorist and defender continues 
to evolve, with each adapting and countering the other’s move in a multi-turn 
game until one destroys the other.164 Our defensive strategy in homeland 
security must be adaptive to the changing threats of modern terrorism.165 A 
change in technology may defeat the terrorist threat posed today, but it will 
ultimately be defeated when the threat adapts.166 Viewing this relationship 
between defender and terrorist as a coevolutionary dynamic relationship 
provides the policy maker in homeland security with the opportunity to apply Red 
Team fundamentals to the problem, and opens the door to different solutions.167 

There was so much information and intelligence available to our 
government indicating Al Qaeda and Umar’s impending attack, yet our security 
and intelligence apparatus failed to identify them and take action until too late. 
Our government failed to connect, integrate, and understand the information we 
had. This indicates systemic failures and human error.168 Our technological 

161 Bernard Debusmann, “The Underwear Bomber and the war of ideas,” Reuters. 

advances were stymied by failure of accountability and overlapping 
responsibilities, which caused leads to not be followed to conclusion.169 A 
tracking process between agencies, to determine agency actions and follow-up 
responsibilities regarding terrorist threats and warnings, is missing from our 
intelligence community.170 

E. CHALLENGING THE ORGANIZATION’S THINKING 

A fundamental concept of Red Teaming is to challenge the organization’s 
thinking by questioning the assumptions made during the decision-making 
process and the conventional thought process of the group. In this case 
study, despite TSA’s 20 layers of security efforts, Umar Farouk Abdulmutallab did 
break through our defense and could have killed hundreds of innocent individuals 
if the explosive he hid in his clothing had worked. TSA has undertaken 
numerous security initiatives to improve airport security since 9/11.173 It also 
faces the challenge of managing almost 60,000 employees, 80 percent of whom 
work at airports to help screen passengers and their baggage.174 Screening 
passengers and their bags is also where DHS spends the majority of its financial 
resources allocated for aviation security. In fiscal year 2004, DHS appropriated 
$3.7 billion for aviation security; $1.8 billion went to passenger screening and 
$1.3 billion to screening baggage.175 

Although referred to as a layered security system, aviation security is not 
provided through a truly systematic means, but rather through a collection of 
mostly unrelated measures that do not support one another or provide backup for 

169 Whitehouse, “Summary of Whitehouse review of the December 25, 2009, attempted 
terrorist attack.” 

Berrick, 1. 

one another if one fails.176 Unless the individual systems maintain a very high 
and sustained level of performance, an attacker could succeed by overcoming a 
single perimeter defense such as a security checkpoint, thus defeating the entire 
security system.177 

Utilizing fundamental Red Team concepts, a decision support Red Team 
would analyze the implied assumptions in the TSA security system.178 
Strategic-level Red Teams analyze strategy and strategic decisions by challenging the 
organization’s assumptions, by playing “devil’s advocate,” and challenging 
“conventional wisdom.”179 The current TSA security system focus is defensive in 
nature, establishing a final perimeter at the airport security checkpoint.180 A Red 
Team might ask if we are building the equivalent of a modern-day Maginot line. 
What are the implied assumptions that aviation security is built upon? The 
current TSA security focus seems to be on keeping items off the plane, with the 
majority of their personnel involved in screening either passengers or baggage 
for prohibited items. Is that the proper focus for our aviation security system? 

By shifting the paradigm from securing the transportation systems, to 
making the transportation systems secure by prohibiting forbidden items, to 
keeping prohibited persons off the plane, the focus of security shifts dramatically 
in how security resources are allocated.181 A decision support Red Team would 
ask questions like: How do we shift our approach to aviation security from a 
defensive one to an offensive one? How do we identify those terrorist groups 
likely to try to smuggle explosives or other dangerous devices aboard 
transportation systems? What types of devices are they likely to use? Where 
can you buy these explosives? How can we identify those who buy and supply 
the explosives to the terrorist? 

El Al, the Israeli airline, is widely viewed as the most secure airline in the 
world, with the tightest security measures.182 These security measures include 
at least one armed plainclothes sky marshal on each of its flights. In the 
airport, a team of agents question passengers regarding the circumstances 
surrounding their flight: Why they are flying to a particular city, who they know at 
their destination, why they are going there, etc.184 Michael Pangia, former FAA 
chief trial lawyer, said, "It is a matter of the job itself and how it is being 
approached."185 If a similar tactic had been used, would Umar have been 
identified as a high-risk traveler? 

Is our focus wrong? The U.S. aviation security system focuses on keeping 
weapons and bombs off airplanes, not necessarily on the people who board 
planes or a line of defense on the airplane.186 Since 9/11, America’s policy 
regarding airport and air travel security has been to federalize this important 
national task. James Carafano and Robert Poole, in their article “Time to Rethink 
Airport Security,” argue that TSA is using the wrong security model. They argue 
that this move to federalize airport security is built on two assumptions: “A one 
size fits all passengers, in that they are all equally suspicious and should receive 
the same scrutiny, and the principal focus of airport security is to keep dangerous 
objects (e.g., knives, guns, and bombs) off of airplanes.”187 These two 
assumptions lead to a myriad of actions on behalf of security personnel to 
counter the threat and create a perception that actually inhibits security. The 
government’s one-size-fits-all approach to security, by creating a standardized 
screening process, prevents TSA from identifying specific differences between 
airports and inhibits innovation and changes that could close the vulnerability 
gap this approach creates. A decision support Red Team, 
focused on strategic assessment tools, would have questioned the security 
approach, because part of their job is to challenge the problem statement and 
assist in mitigating the reliance upon methods that have worked in the past, 
encouraging critical thinking by planners and decision makers. 

The economic operating environment for airline travel further complicates 
airport and air travel security. Passenger travel among the 100 largest U.S. 
airports can vary dramatically from year to year. Between 2003 and 2004, of the 
top 100 U.S. airports, 26 experienced an increase in passenger traffic of 11 
percent to 50 percent, while three of these 100 airports experienced a decrease 
in passenger travel in a range of 5 percent to 35 percent. This unpredictable 
variability in passenger travel can cause airlines to move lines and change 
services from airport to airport, trying to find the most profitable route. In 
response, TSA can find itself with too few resources dedicated to an airport 
suddenly seeing a huge influx of passengers, while elsewhere, TSA screeners 
are waiting for passengers to appear. 

By reexamining and challenging the assumptions made in supporting the 
decision to federalize airport security, TSA will be forced to examine alternative 
solutions and approaches to securing air travel. Decision makers filter data 
regarding the operational environment through the mental model they have 

187 Poole and Carafano, “Time to Rethink Airport Security.” 

constructed to understand the situation. This perception becomes a prison, 
constructed of old ideas and previous experience, which become barriers to 
considering all available possibilities.192 To fully explore alternative security 
solutions, TSA may be required to expand its operational horizon beyond the 
airport or terminal and seek greater collaboration with other agencies also 
charged with the task of securing our country.193 Finding the answers to the 
problem of securing the friendly skies by preventing terrorists from being able to 
buy a ticket in Amsterdam,194 may go beyond the scope of TSA’s mission, but 
not beyond the scope of DHS’s mission. The unified effort to secure our airports 
has to be a collaborative effort, not just with other U.S. agencies, but other 
countries.195 TSA, by reaching out to and collaborating with other government 
agencies while engaging and empowering other countries’ security systems, can 
increase aviation security through offensive air travel security operations.196 By 
challenging TSA’s perception of its operational boundaries, a decision support 
Red Team could facilitate the removal of obstacles to providing a collaborative, 
integrated, aviation security system. 

Currently, the TSA Red Team program is an offshoot of the original FAA 
Office of Civil Aviation Security program, created in response to the 1988 
bombing of Pan Am Flight 103. Its primary mission is to conduct covert airport 
security penetration testing for identifying both localized and systemic 
vulnerabilities.197 Although the TSA Red Team is providing a valuable function in 
testing airport security systems, by broadening its mission or expanding the use 
of Red Team fundamental concepts, the Red Team would be in a position to 
challenge the assumptions made in developing new security initiatives. Involving 
a Red Team in the concept development of new security approaches and 
technologies would help TSA and DHS meet the overall intent of the Homeland 
Security Authorization Act, by strengthening preemptive capabilities.199 

F. ALTERNATIVE ANALYSIS 

Alternative analysis can assist decision makers in identifying friendly and 
adversary vulnerabilities, accounting for the enemy’s adaptive capability, and 
setting the problem.200 Bruce Schneier, an airport security expert, states, “We've 
always known you can strap explosive material to your body without a metal 
triggering device and get it on a plane. You need to stop terrorists before they get 
to the airport.”201 If the problem is framed as the need to stop a deadly device 
from getting on the plane, can we really ever truly be successful at solving that 
problem? Through alternative analysis, a strategic decision support Red Team 
can offer different perspectives on the environment, problem, potential solutions 
and vulnerabilities of the adversary and the TSA aviation security system.202 

Congress, by passing the Aviation Transportation Security Act, created a 
massive organization, involving the new personnel demand related to hiring, 
training and managing, at the time, a 45,000-person screening force.203 By 
comparison, most other European countries have opted to do less with more, by 
adopting performance contracting to utilize private security screeners in lieu of 
the American approach of having its national government assume operation of 
the passenger-screening system.204 Analyzing the problem of air travel security 
by fundamentally altering the problem set—from preventing dangerous objects 
from getting on the aircraft, to preventing dangerous persons from getting on the 
aircraft—will change the range of potential security solutions available to TSA.205 
By focusing on the challenge of keeping the greater threat, terrorists, from getting 
on the plane, or from even being able to buy a ticket, the needs and demands for 
information for air travel security would change.206 Shifting to a risk-based 
approach for screening potential passengers would involve categorizing them 
based upon information known to the TSA security system.207 Dividing potential 
passengers into three broadly defined categories based upon the quality and 
quantity of information known about the traveler would categorize them as: 

• Passengers about whom a great deal of information is available, 
thus are a low security threat; 

• Passengers who fly less frequently and are traditionally leisure 
travelers; and 

• Passengers about whom nothing is known, or there is specific 
negative information known about them.208 

Such a risk-based approach would allow TSA and DHS 
to focus resources on the greater risk and threat to the security of air travel and 
generate increased intelligence and information demands to develop traveler 
data profiles and focus on riskier travelers,209 versus expending huge amounts of 
resources to screen the average flying public. 

The current one-size-fits-all approach to airport security creates a 
perception of security that does little to impact the overall security of air travel. 
Instead, by applying different security measures to different passengers and their 
bags, the resources would be focused towards the greatest perceived threat and 
not on the average flyer.210 Why spend resources screening a passenger with a 
current federal security clearance or who has a biometric identity card? These 
passengers should be allowed to board with minimum screening assets utilized 
on them or their luggage. A small percentage of these travelers could be 
randomly selected for more intensive screening. This would create disruptive 
patterns of security to deter potential terrorists from attempting to enter as a 
member of this passenger group.211 This new security system might require 
infrequent, leisure travelers to go through a screening process similar to today’s 
passenger screening process, but with alternating prohibited items based upon 
the current threat.212 In addition, a percentage of this group could be identified for 
more thorough screening and interrogation as needed or supported by 
information collected.213 

Finally, those travelers about whom little is known would be thoroughly 
screened, both their persons and their checked and carry-on bags. Everyone in 
this group would receive a more rigorous screening, using the latest technology 
and techniques available, to determine if they are merely innocent travelers or in 
fact terrorists.214 The concept of a risk-based passenger screening is not new. 
Identifying low-risk travelers in order to expedite their processing through airports 
was first recommended by aviation industry experts Michael Levine and Richard 
Golaszewski.215 A proposed benefit of such a system was identified by Carnegie 
Mellon researchers, who suggested the time for processing passengers could be 
cut in half for frequent travelers, about whom a great deal of information is 
available. Such a system would stop wasting resources on low-risk passengers 
and would focus security on the security threat in proportion to the risk posed, 
thus putting the greatest resources against the greatest risk.216 

The Red Team fundamental technique of alternative analysis used by a 
strategic decision support Red Team would re-examine the problem set facing air 
travel security operations. Instead of focusing on preventing dangerous items 
from getting on the aircraft, would the security system be more effective if the 
focus were on keeping terrorists off airplanes? The end result may be the same, 
but the shift in analysis would open decision makers and planners to different 
challenges and vulnerabilities before the enemy does.217 Re-defining the
problem of aviation security from prohibited items to prohibited persons is a
critical step for decision makers, and the place where errors tend to occur.218 A
Red Team, by providing the decision maker with an independent resource for
critically examining a problem, could dissect the symptoms of the problem from
the true underlying “root problem,” because alternative analysis examines the
problem set from different understandings of the problem boundaries.219 By
analyzing the problem from different approaches, a TSA strategic Red Team can
assist decision makers to better understand and work more effectively to solve
the true aviation security problem.220 TSA, acting alone, cannot solve this bigger
problem of identifying terrorists and keeping them off aircraft; it requires
collaboration and information sharing within TSA and among other agencies.221
Through collaboration and synchronized efforts with local airport security, local
police departments, other federal agencies, and transportation security agencies
in other countries, TSA can develop joint concepts to help accomplish the overall
mission, while also identifying vulnerabilities within our security systems.222 This
would allow TSA to better understand the capabilities of our adversaries and their
adaptabilities, allowing TSA and their partners to anticipate situations of concern
before they arise and adapt their security strategy to better position the U.S. for
long-term success.223

G. ALTERNATIVE PERSPECTIVES 

The third Red Team fundamental concept, examining a problem or issue
through alternative perspectives, gives decision makers a better understanding
of the operating environment by viewing an issue through the lens of other
partners, agencies and adversaries, and other significant actors who can
influence the environment.224 Unfortunately, planning groups under pressure,
trying to please their boss, can sometimes make faulty assumptions. This comes
as a symptom of the problem of groupthink.225 Under the Presidency of Harry
Truman, his advisors shared the common opinion that Red China was a weak
nation, whose main source of power in world affairs came from its affiliation with
the Soviet Union, and thus its foreign policy was largely dominated by Russia.226
The advisors failed to take into account that this over-simplified perception might
not apply to Red China’s possible response to American troops in Korea.
Therefore, they miscalculated the risk of provoking a full-scale military response
to the U.S. attempt to use its military power to control China’s ally and
neighbor.227

In the case of Flight 253 and the events that led up to it, on December 23, 
law enforcement officials across the country, the FBI and the Homeland Security 
Department indicated that they had no specific credible intelligence indicating 
there were any plans from al-Qaida or any other terrorist groups to attack the 
U.S. during the holiday season.228 The officials warn that al-Qaida and other
terror groups “continue to seek innovative ways to conduct attacks and
circumvent security procedures.”229 The U.S. counterterrorism system failed,
because Umar Farouk Abdulmutallab should have been intercepted before he
ever stepped on the plane.230 In his testimony before Congress, the Director of
National Intelligence admitted the need for applying Red Teaming fundamental
concepts to the counterterrorism system by taking a penetrating look at the entire
system.231 In response to the December 25 incident, agencies across the federal
government sprang into action to fix what the Abdulmutallab case indicated failed
within the counterterrorism system.232 Greater cooperation among DHS, the
Department of State, the Department of Justice, the Intelligence Community, and
others has been promised.233 Nevertheless, will those promises be enough to
create changes that will create a better counterterrorism system and bridge the
gaps between international security and homeland security agencies?

TSA’s mission is to secure the U.S. transportation system.234 However, it
never had the direct opportunity to interdict Abdulmutallab because, until he
reached an American airport, TSA could only influence its partners in Amsterdam
to screen him and deny him access through the secure flight program, which
matches the watch list against the passenger manifest.235 TSA also does not
control or direct intelligence, but instead has influence over the intelligence
collected through TSA’s status as a consumer of intelligence.236 In order to fix
what went wrong in the Christmas Day bomber case, perhaps a greater effort
should be made to consider intelligence through the lens of TSA and how quickly
they need the information in order to be able to act upon it.

The enormity of the process TSA, and thus homeland security, must
administer continues to filter and shape the environment. An estimated 1.2
million travelers from abroad seek to enter the U.S. by boat, air or land each day. 
Another 1.8 million travelers domestically board some 1,800 flights daily.237 
Although it is extremely difficult to look at a situation through someone else’s 
lens or perception of the world, here it is obvious that the tremendous burden of 
screening every passenger, every bag, and treating each as an identical threat, 
creates vulnerabilities in the security system.238 This security situation makes air 
travel a ripe target for future terrorist attacks.239

Until we understand the terrorists’ perspective, grasping why blowing up
an airplane—using it as a weapon—is attractive to them, we will continue to
struggle with how to defeat these terrorist attempts.240 If we can gain insight into
their perspective of our security operations, then we can see the security
environment through the eyes of a terrorist. Seeing the world through the eyes of
the enemy is the trait of a good soldier.241

What if a terrorist announced his intended reaction to a proposed security 
system before TSA implemented it? What if the threat pointed out the flaws in the 
security plan and technology that he intended to exploit, and revealed several 
hidden weaknesses or indicators of his conduct? Surely, once the TSA and its 
partners optimized the strengths of its security plan and protected its 
vulnerabilities, the security system would be much more effective.242 Red 
Teaming is the practice of viewing a problem from an adversary or competitor’s 
perspective, thus enhancing the decision making through a broader 
understanding of the operational environment.243 TSA and its partners can
benefit from the implementation of a decision support Red Team and Red Team
fundamentals, such as challenging assumptions, alternative analysis, and
alternative perspectives to assist in their decision making and security concept
design.

VI. RED TEAMING’S FUTURE WITHIN DHS


To guess at the intention of the enemy; to divine his opinion of
yourself; to hide from both your intentions and opinion; to mislead
him by feigned maneuvers; to invoke ruses, as well as digested
schemes, so as to fight under the best conditions—this is and
always was the art of war.

—Napoleon 

In the famous children’s story, The Emperor’s New Clothes, Hans 
Christian Andersen tells the tale of two tailors who hoodwink the emperor into
believing they have made him a beautiful set of clothes, made from fabric so light 
and fine that it looks invisible to anyone who is too stupid and incompetent to 
appreciate its quality. Each of the emperor’s trusted advisors, having been told 
of the claim by the tailors, reviewed the invisible, non-existent suit of clothes and 
proclaimed them extraordinary—for fear of being revealed as incompetent and 
losing their job. Finally, a child who had no important job proclaimed the truth: 
The emperor was naked and had no clothes.244

In modern times, the emperor is replaced by our president, with his arrays 
of trusted security advisors, all being influenced by experts spinning security 
systems and technological advances in exchange for payments of gold. Yet 
there is still the need for a young child to tell us the truth. Red Teams fulfill the 
function of Andersen’s fairy tale. Red Teams are charged with telling the head of
the agency that “what you invested in is not really providing you the security you 
hoped it would.” 

A. CONCLUSIONS 

1. The terrorist threat facing the U.S. and its allies will attack our 
vulnerabilities, not our strengths. The terrorists are waging war asymmetrically
and will attack our seams where vulnerabilities and gaps exist.245 These
adversaries are more likely to target and strike at vulnerable civilian targets or 
strike military targets in non-traditional ways, thus avoiding our military 
operational strength.246 One of these systemic vulnerabilities is failure of 
imagination, which remains a factor within our homeland security institutions, five 
years after it was identified as an issue by the 9/11 Commission.247

2. America’s Homeland Security System is hampered by bureaucratic
challenges. In order to effectively fight terrorism, the U.S. Government must
dramatically re-orient itself.248 By definition, imagination requires the entity to
think about the way of doing business in a different manner.249 Bureaucracies
are not facilitators of creative original thought,250 thus the culture of our
government works against the out-of-the-box thinking that is necessary to fight
terrorism.

Despite our efforts the enemy keeps changing, adapting, and getting 
better at overcoming our defenses. Predicting future trends in terrorism has 
always been next to impossible. The actors involved have been few, their actions 
often erratic, and the behavior of small groups in society is no more predictable 
than that of very small particles in the physical world.251 The Red Team concept is,
however, uniquely capable of addressing the issue of terrorism, especially the
threat that it poses to domestic security issues.252

3. Five years after the 9/11 Commission, although tremendous changes
have occurred, we still struggle with getting it right. America’s need to redefine its
homeland security approach into a flexible adaptive system is a continuing
problem, as America’s current and future threats are global and adaptive, blurring
distinctions between crime, terrorism, and war.253 Given the asymmetric nature
of the threat, knowing what the United States is doing, “blue,” is as critical as
understanding “red,” what our enemies are doing.254 The Department of Homeland
Security was created by the President in order to create collaboration and
cooperation between federal agencies.255

How then do we create a virus or antibodies within these critical homeland 
security institutions to protect, nurture, and develop an antidote for strategic 
surprise? Broader application of Red Teams and implementation of their
fundamental concepts, when supported by the leadership, create such antibodies
within the organization.256 Trained Red Teams, applying creative thinking and
their fundamentals, challenge the organization’s assumptions, provide alternative
analysis to the organization’s plans and provide the decision maker alternative
perspectives on the current operating environment.257

The case study in the previous chapter is presented to demonstrate the 
usefulness of applying Red Team fundamental concepts to current issues facing
Homeland Security decision makers. The analysis is rather simplistic, but
when applied by a trained Red Team with time and resources, the Red Team’s
analysis can be insightful for decision makers to determine if they might “have
got it wrong.”258

The case study analysis identifies some recommendations that warrant
further discussion and research regarding potentially improving air travel
security; the intent of this analysis is to demonstrate how greater application of
Red Team fundamentals and broader application of Red Teams within homeland 
security would be beneficial to the decision making process. Currently DHS and 
several agencies within DHS have Red Teams, or are in the process of forming 
Red Teams to utilize primarily as threat emulators.259 Using Red Teams in this 
manner is extremely useful to test the vulnerabilities of security systems and 
beneficial to accomplishing the overall DHS mission.260 However, using Red 
Teams as threat emulators only utilizes a small portion of the potential Red Team 
capability that a trained Red Team provides through full-spectrum iterative 
operations and operating environment analysis from perspectives, which can 
help decision makers identify strategic vulnerabilities and develop mitigating 
strategies.261 Broader usage of decision support Red Teams and Red Team
fundamentals within DHS can assist decision makers in security system 
management, across the life cycle from concept through retirement.262 Red 
Teams are particularly useful in identifying how the enemy will react to potential 
security improvements, strategy and policy changes.263

B. RECOMMENDATIONS


Education on the Red Team Fundamentals should be implemented as 
mandatory for all homeland security leaders. Homeland Security Leaders need 
to become more familiar with the basic precepts of Red Teaming so that they can 
incorporate them into their decision making process and challenge their staffs to 
utilize these concepts in the development of plans and strategic initiatives. 

1. Ask Questions 

At a minimum, homeland security leaders should be trained to begin 
asking the following four questions of projects that are presented to them:264 

1. “What if....?” This question is useful in trying to anticipate what the 
enemy may do. 

2. “What are the objectives of...?” Answering this question forces the 
staff to consider other perspectives, those of the enemy, of other partner nations, 
of other agencies working towards the same mission of homeland security. 

3. “What are we missing...?” Answering this question helps identify
seams, gaps, and vulnerabilities within your own agency’s operations, plans, and
conceptual designs. It could also identify disconnects between your agency and 
another that need to be filled in order to avoid exploitation. 

4. “What is working and what isn’t?”265 This question helps
homeland security leaders in creating a learning organization, which provides a
work culture that is open to creative thought, empowering employees to think
critically and creatively, while giving them the ability to communicate ideas and
concepts, and the ability to cooperate with each other in the process of inquiry
and action,266 while avoiding establishing patterns of operation that can then be
identified and defeated by the enemy.267

These questions are simple, but the concepts behind them are not so 
simple. While asking the questions may help identify problems, solving them will 
take more effort and creativeness on behalf of the organization. Asking these 
questions of their staff will help homeland security leaders better understand the 
gaps and vulnerabilities within their organization’s planning. This basic Red 
Teaming fundamental technique can be very beneficial to an organization, by 
offering a hedge against surprise and inexperience and a guard against 
complacency.268 By asking these questions and using Red Teaming fundamental
concepts, the leader begins to test the fusion of policy, operations, and
intelligence. Red Teaming can be used to imitate attackers, other agencies,
even Murphy’s Law, thus creating a closely synchronized planning staff, driving
more complete analysis, and delivering a better plan.269 Through analysis, a trained
Red Team can identify deviations from doctrine, reveal overlooked opportunities, 
and determine how well an agency understands its own plans and procedures.270 

Beyond leadership education, skilled and trained Red Teaming 

provides a means to build intellectual constructs that replicate how 
the enemy thinks [because the constructs] rest on a deep 
intellectual understanding of his culture, [the] ideological (or 
religious) framework through which he interprets the world...and his 
possible and potential strategic and operational moves.271

By carefully understanding and accurately imitating the enemy, an agency
lessens the likelihood it will be caught by surprise and left unprepared. Effective
use of Red Team fundamentals increases an organization’s opportunities by
challenging aspects of plans, programs, and assumptions. Through the eyes of
the enemy, Red Teaming can assist organizations to prepare for the
unexpected.272 Homeland security leaders, by better understanding Red
Teaming fundamentals, will know when to ask for alternative analysis and what 
to expect from alternative analysis.273 Finally, knowing the enemy and viewing 
the security-operating environment from the enemy’s perspective is an enabling 
skill set which will aid homeland security leaders in the understanding and 
anticipation of the adaptive and complex nature of the adversary.274 

2. Implement Support Teams 

DHS should implement decision support Red Teams as part of their force 
structure. 

Although Red Teams are currently being used within DHS, decision
support Red Teams need to be utilized by key DHS leaders. Decision support
Red Teams should be implemented and used by DHS agency heads and critical
divisions within the organization. This will provide DHS leaders an independent
capability for alternatively analyzing issues facing the organization, and provide an
alternative perspective regarding the agency’s plans, concept designs and
security programs. These perspectives may be those of other U.S.
government agencies, of our international partners, and of
our potential enemies.

3. Implement Joint Enterprise

DHS should implement joint enterprise Red Teams between its own 
agencies and facilitate joint enterprise Red Teams between DHS and other 
security agencies, entities and partners. 

In addition to internal DHS Red Teams, the leaders of homeland security
should consider joint enterprise Red Teams composed of
members from several U.S. agencies, i.e., Department of State, FBI, Border
Security, TSA, National Counterterrorism Center, local and regional law
enforcement agencies. Involving these various agencies provides a
multidisciplinary approach to security and will help address multi-jurisdictional
issues, while exploring opportunities for additional integrated security operations
such as the current TSA VIPR program.275 This joint enterprise Red Team could
be charged with examining intelligence processes within various agencies,
information sharing and collaborative security efforts. An advantage to creating a
joint enterprise Red Team would be to bring members from various agencies and
security partners to provide various insights into security issues and barriers to
information sharing. This concept of a joint enterprise Red Team could also be
utilized with international partners, to assist in identifying cultural barriers within
the U.S. governmental agencies and international government agencies that
serve to inhibit the development of efficient, effective collaborative security
solutions, while also identifying potential solutions to overcoming those barriers.

4. Implement Technology Development 

DHS should implement Red Team integration into the Homeland Security 
technology approval process. Finally, Red Teams should be involved in the 
Homeland Security technology approval process.276 Congress has instituted 
efforts to facilitate guidance and focused technology development in HLS. In
2002, the U.S. Congress passed the SAFETY Act (Support Anti-terrorism by
Fostering Effective Technologies Act). Congress’s intent was to create a
technology clearing house to identify and facilitate the development and
deployment of anti-terrorism technology by creating systems of “risk
management” and “litigation management.” The systems are designed to provide
liability protection in certain circumstances to DHS-approved “Qualified
Anti-Terrorism Technologies” (QATTs). The law was designed to facilitate broader
and deeper involvement of industry in the creation of needed technologies to
assist in the protection of the homeland and defeat terrorist tactics and
operations.

275 Transportation Security Administration, VIPR Teams Enhance Security at Major Local
Transportation Facilities, June 20, 2007.

276 “U.S. Homeland Security (Government and Private) Market Outlook - 2007-2011,”
Homeland Security Research, January 2007.

The current role of Red Teaming in technology development is varied, 
depending upon which federal agency is using the Red Team. Across the 
Department of Defense, Red Teams are tasked to provide assessments of 
concepts and technology, instead of their traditional roles as surrogate 
adversary.277 When Red Teams become involved in technology development,
their Red Team process involves red/blue interaction in order to evaluate and 
recommend blue system improvements. The Red Team provides a disciplined 
approach to guide decision making in technology development. The team also 
provides warnings regarding the vulnerability of fielded capabilities and gives 
insight into determining what sensitive information they are to protect. By looking 
at the technology from the enemy’s perspective, often gaping vulnerabilities
may be exposed. 

The need for Red Teaming in technology development is illustrated by the 
fact terrorists regularly find ways to defeat or thwart our technological superiority. 
In trying to understand how terrorist groups overcome defensive technologies, 
the RAND Corporation determined that terrorists typically respond to defensive 
technologies by: altering operational practices, making technological changes or 
substitutes, avoiding the defensive technology, or attacking the defensive
technology.278 The enemy knows of our technological superiority and adapts
basic tactics that often defeat our technology. One example comes from
Afghanistan. The Taliban, cognizant of the fact the U.S. could listen to their
telephone conversations over wireless phones, would traditionally communicate
important information only face to face. For other communications, they
developed code to shorten the communication time. They also injected an
element of deception by communicating in a manner intended to deceive the
listener as to their true intentions.

277 The Role and Status of DoD Red Teaming Activities, 11.

The Red Team Concept should be utilized and implemented by the DHS 
Science and Technology Directorate in the SAFETY Act implementation office. 
Currently, the regulatory approval cycle for technologies applying to DHS is 120
days from application to approval. During the 120-day regulatory cycle of the
DHS approval cycle, a Red Team should assess the technology being presented.
The Red Team assessment will look at the technology from the enemy’s 
perspective. 

This assessment will lead to improved design and implementation of the 
system throughout its life cycle. The Red Team can play the role of the 
Oppositional Force, providing a constrained, reproducible, adversarial perspective
to generate likely adversary observables to test detection and train blue force 
actions. Through experiments, the Red Team can explore technology’s response 
to the stimulus of an adversary and determine the preferred response of the 
system, while also validating the system and identifying operational constraints. 


278 Brian Jackson et al., Breaching the Fortress Wall: Understanding Terrorist Efforts to
Overcome Defensive Technologies, RAND Corporation, 2007.